Mozilla has mounted a security bug in its Firefox for Home windows browser that was “being exploited within the wild.”
In a short replace, Mozilla mentioned it up to date the browser to Firefox model 136.0.4 after figuring out and fixing the brand new bug, tracked as CVE-2025-2857, which presents a “comparable sample” to a bug that Google patched in its Chrome browser earlier this week.
Anybody exploiting the bug may escape Firefox’s sandbox, which limits the browser’s entry to different apps and knowledge on the consumer’s laptop.
The bug additionally impacts different browsers with the identical codebase as Firefox for Home windows, such because the Tor Browser, which additionally obtained a patch updating the browser to 14.0.7.
Kaspersky researcher Boris Larin, who first found the Chrome zero-day, confirmed in a publish that the foundation reason for the Chrome bug additionally impacts Firefox. Kaspersky beforehand linked using the exploits to assaults on journalists, staff of instructional establishments, and authorities organizations in Russia.
